Purpose of this Web Site

I am a Founding Associate Professor of Information Sciences and Technology and Assistant Professor of Communication Arts and Sciences at Penn State University. Many of the classes I teach are in our Security and Risk Analysis major - including Overview of Security and Risk Analysis, Computer and Cyber-Forensics and Security and Risk Management.

During the 1980's and 90's I was a manager at Penn State's Information Technology Services, and my team was responsible for workstation and network security before the establishment of Penn State's Security Operations and Services group.

I have spent many hours giving advice to friends, family and students on the best ways to protect their information and computers from compromise and theft. Having seen, once again, a rise in the variety and sophistication of malware attacks, I have decided to create this Web site to serve as a simple overview and introduction to the things an individual can do to protect themselves, and their family, from information theft.

This site is NOT intended to be 100% comprehensive. It is intended as a simple, quick, start. I will give a small amount of background, and will then skip to practical tips and strategies to protect your information, data, programs and identity. If you want complete information you should take one of my classes at Penn State :-).

I will be adding to this site constantly. The best defense is knowledge and a bit of preparation. If the information on this Web site confuses you I suggest you find the nearest 12-year-old and ask for help. (I'm not kidding - kids today are often way more tech savvy than their parents...)

Is Internet Security Really a Problem?

Are you kidding? In tests run at Penn State an insecure PC connected to the Internet was infected in an average of 23 minutes. There are well over 100,000 known varieties of malware for Windows systems alone. Macintosh users are not immune, nor are Linux users. In the case of the Macintosh, the argument is mainly semantic - what is a 'virus,' what is a 'trojan,' etc. Most security professionals today group all online threats into the category of 'malware' -- which, loosely, includes any effort (software or social engineering) that has the goal of stealing information, compromising system control, or otherwise breaching the privacy of systems and users.

The Bad News:

The bad news is that the threat from malware is increasing at an amazing rate. Major security organizations claim that as many as 80% of all systems are infected in some way. Botnets alone represent a major national security threat. Almost every government on the planet (including the U.S.) has established a cyber-warfare unit whose goal is to prevent (if possible) attacks on infrastructure such as the power grid and financial networks. The sophistication of malware design and strategy has already reached a level where it can be daunting even to the person with significant skills in information technology. Unless you enjoy taking risks with your identity, and really love paying people like me big bucks to try to rebuild your systems, you will take the situation seriously. If you do not follow my advice you risk, at a minimum, a lot of hassle and cost. At a maximum you risk permanently losing your photographs, your music, documents, and programs -- and use of your computer system for days or weeks.

The Good News:

There are a few, fairly simple, steps you can take to protect your computers and information. Yes, these require a small bit of learning. I do encourage my students to help those around them (parents, grandparents, friends, etc.). Do not be afraid to ask for help, but make sure the person you are asking has a clue. There is an old saying - "In the Land of the Blind the One-Eyed Man is King" - it may be a good idea to identify someone with decent IT skills before you need them -- and be very nice to them (make cookies, buy them a beer, etc.).

The Rest of This Site:

The rest of this site consists of pages on different aspects of Internet Security. I expect to be frequently updating this site. I welcome comments and questions, but please understand that I am not running a consulting business - so I will be unable to answer specific security questions. I am also NOT guaranteeing that following these steps will always keep you safe -- but they will address a very large percentage of the risk you will find on the Internet, and help to make recovery far less traumatic than it could be.

About the author:

This site is developed and maintained by Dr. Gerald M. (Gerry) Santoro - gmsantoro@gmail.com -- it is made freely available for educational purposes as a community service. If you wish to verify my identity you may look me up in the faculty directory for the College of Information Sciences and Technology at The Pennsylvania State University.

Shameless, but honest, plug ...

If you want to learn more about computer security, and possibly develop a career in computer and network security, I urge you to check out the Bachelor of Science Degree in Security and Risk Analysis at Penn State University. Our students learn state-of-art methodologies, develop current skills, and become certified by the National Security Agency upon graduation.

Important note: I recently gave a talk at Penn State about protecting your privacy online. Here is a video version of the talk:

This page created and made available for educational purposes by Dr. Gerry Santoro - gmsantoro@gmail.com